Comp tia security sy0 601 domain 3 implementation
- 2. www.infosectrain.com | sales@infosectrain.com 01 The latest version of Security+ SY0-601 have 5 Domains: Domain 1.0: Attacks, Threats, and Vulnerabilities (24%) Domain 2.0: Architecture and Design (21%) Domain 3.0: Implementation (25%) Domain 4.0: Operations and Incident Response (16%) Domain 5.0: Governance, Risk, and Compliance (14%) In this blog, we discuss the second domain 3: Implementation
- 3. www.infosectrain.com | sales@infosectrain.com 02 Implementation D O M A I N 3 For a company’s security program, implementation is critical. It is the point at which a security system or technology comes into being, a new security effort is nothing but a collection of thoughts on a document if it isn’t put into action. In this domain, we cover 9 objectives and their subtopics. The objectives covered in security+ domain 3.0 are listed below. 1. Implement Secure Protocols 2. Implement Host or Application Security Solutions 3. Implement Secure Network Designs 4. Install and Configure Wireless Security Settings 5. Implement Secure Mobile Solutions 6. Apply Cybersecurity Solutions to the Cloud 7. Implement Identity and Account Management Controls 8. Implement Authentication and Authorization Solutions 9. Implement Public Key Infrastructure
- 4. www.infosectrain.com | sales@infosectrain.com 03 Implement Secure Protocols 01 Cyber attackers can take advantage of insecure protocols to damage data security and the integrity of systems. In this lesson, you’ll learn about some of the protocols and services that provide network hosts with addressing, name resolution, and monitoring. These protocols aren’t as visible as apps like web servers and email servers, but they’re essential for securing networks. This lesson covers two parts: Protocols and Use case. Inside Protocols we learn Domain Name System (DNS), DNS Security Extensions (DNSSEC), Secure Real-time Transport Protocol (SRTP), File Transfer Protocol (FTPS), SSH File Transfer Protocols (SFTP), Understand Simple Network Management Protocol (SNMP) framework, Hypertext Transfer Protocol (HTTP), we can cover email service protocols, secure POP3 (Post Office Protocol v3), Secure IMAP (Internet Message Access Protocol v4). We understand Internet Protocol Security (IPSec) and its 2 Protocols: In Use case part we learn how security protocols work inside this we cover: • Authentication Header (AH) • Encapsulation Security Payload (ESP) • Voice and Video • Time Synchronization • Email and Web • File Transfer • Directory Services • Remote Access • Domain Name Resolution • Routing and Switching • Network Address Allocation • Subscription Services
- 5. www.infosectrain.com | sales@infosectrain.com 04 Implement Host or Application Security Solutions 02 This lesson is concentrated on which security solutions are implemented for various hosts and applications. Inside this lesson, we cover Endpoint Protection, Boot Integrity, Application Security, Hardening. In Endpoint Protection we can understand Antivirus and Anti- Malware, NGFW (Next-generation firewall), Host-based intrusion detection system (HIDS), Endpoint detection and response (EDR), Data Loss Prevention (DLP). Boot Integrity covers Boot Security, Unified Extension Firmware Interface (UEFI), work of Measured boot and Boot Attestation. Inside Application security we learn Input Validation, Secure Cookies, HTTP Headers, we understand Allow list, Block list, Dynamic Code analysis.
- 6. www.infosectrain.com | sales@infosectrain.com 05 Implement Secure Network Designs 03 Networks are as prevalent in the business as computers themselves. As a result, understanding secure network designs is essential for creating a protected network for your company. In this lesson we understand the working of Load balancing, Network segmentation, Virtual local area network (VLAN), we learn the difference between Extranet and Intranet. Cover the working of VPN (Virtual Private Network), DNA, also cover Network access control (NAC), Access control list (ACL). We will also understand the use of Port security.
- 7. www.infosectrain.com | sales@infosectrain.com 06 Install and Configure Wireless Security Settings 04 Wireless security is becoming very important in the field of information security. In this lesson, we learn Cryptographic protocols, WiFi protected Access 2 (WAP2) and WiFi protected access 3 (WAP3), Simultaneous Authentication of Equals (SAE). We also cover Authentication protocols, Extensible authentication protocol (EAP), Protected Extensible Authentication Protocol (PEAP), IEEE 802.1X. We understand the Methods of configuring wireless security and Installation considerations, WiFi Protected Setup (WPS), Site surveys, WiFi analyzers, Wireless access point (WAP) placement.
- 8. www.infosectrain.com | sales@infosectrain.com 07 Implement Secure Mobile Solutions 05 In this lesson, we will understand the concept of Connection methods and receivers. Inside this concept, we cover Cellular, WiFi, Bluetooth, NFC, Infrared, Point to Point, Point to multipoint. We learn Mobile device management (MDM), Application management, Content management, Remote wipe, Geofencing, Screen lock, Biometrics, Storage segmentation. We cover Deployment models, BYOD (Bring your own device), Corporate-owned personally enabled (COPE), Choose your own device (CYOD), Virtual desktop infrastructure (VDI).
- 9. www.infosectrain.com | sales@infosectrain.com 08 Apply Cybersecurity Solutions to the Cloud 06 In this lesson, we will learn the use of Cloud security controls, Cybersecurity solutions, and Cloud-native controls vs third-party solutions. In Cloud Security controls we will cover several sub-topics like High availability across zones, Storage, Network, Compute. And inside Cybersecurity solutions, we cover Application security, Next-generation secure web gateway (SWG), Firewall considerations in a cloud environment.
- 10. www.infosectrain.com | sales@infosectrain.com 09 Implement Identity and Account Management Controls 07 In this lesson, we will learn 3 topics: Identity, Account types, and Account policies. In the first topic Identity, we cover Identity providers (IdP), know about Identity Attributes, how the tokens are used, SSH keys, and Smart cards. In the second topic, we cover types of accounts, User account, Guest accounts, Service accounts. Inside Account policies, we cover Account permissions, Access policies, Password complexity, Time-based logins, Account audits.
- 11. www.infosectrain.com | sales@infosectrain.com 10 Implement Authentication and Authorization Solutions 08 In this lesson, we will learn Authentication management, Password keys, Password vaults, TPM, Knowledge-based authentication. We will cover Authentication/authorization, inside this topic we will understand Challenge-Handshake Authentication Protocol (CHAP), Password Authentication Protocol (PAP), Terminal Access Controller Access Control System Plus (TACACS+), Kerberos, OpenID. We also cover Access control schemes and their subtopics Attribute-based access control (ABAC), Role-based access control, Rule-based access control, Privileged access management, Filesystem permissions.
- 12. www.infosectrain.com | sales@infosectrain.com 11 Implement Public Key Infrastructure 09 In this lesson, we will cover the concept of Public key infrastructure (PKI), Key management, Certificate authority (CA), Certificate revocation list (CRL), use of Certificate attributes, Online Certificate Status Protocol (OCSP), Certificate signing request (CSR). We learn types of certificates, Wildcard, Subject alternative name, Code signing, Domain Validation, Extended validation. We also cover formats of certification and Concepts of certification changing, Key escrow, online vs offline CA.